_SESSION handling cleanup start

Move all session_id and check calls function calls that we have to Session class

In Login class use new false return for session set check
Be sure all session set variables are unset, do extra unset call and
destroy call on close session
Login class does not set GLOBALS anymore (DEBUG_ALL, DB_DEBUG)

Update Logging to check for DEBUG_ALL from SESSION and set DEBUG_ALL on
and PRINT_ALL on.
All logging setting vars are primary via options and only if not set
there fallback to SESSION/GLOBALS and then defaults

DB:IO code for debug flag check has been updated for primary check in
config, then session/globals

Debug update for logging tester for first step to remove Basic class
call.
NOTE: after basic php unit tests are written the clean up for no longer
using Basic class has to start.
Switch to logging class for logging only needs

www/admin/class_test.debug.php

@@ -24,9 +24,7 @@ define('USE_DATABASE', false);
 // sample config
 require 'config.php';
 // set session name
-if (!defined('SET_SESSION_NAME')) {
-	define('SET_SESSION_NAME', EDIT_SESSION_NAME);
-}
+$GLOBALS['SET_SESSION_NAME'] = EDIT_SESSION_NAME;
 // define log file id
 $LOG_FILE_ID = 'classTest-debug';
 ob_end_flush();
@@ -37,7 +35,13 @@ use CoreLibs\Debug\Support as DebugSupport;
 use CoreLibs\Debug\FileWriter;
 
 $basic = new CoreLibs\Basic();
-$debug = new CoreLibs\Debug\Logging();
+$debug = new CoreLibs\Debug\Logging([
+	'log_folder' => BASE . LOG,
+	'file_id' => $LOG_FILE_ID,
+	'debug_all' => $DEBUG_ALL,
+	'print_all' => $PRINT_ALL,
+	'echo_all' => $ECHO_ALL,
+]);
 $debug_support_class = 'CoreLibs\Debug\Support';
 $debug_logging_class = 'CoreLibs\Debug\Logging';
 

www/lib/CoreLibs/ACL/Login.php

@@ -69,6 +69,7 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Check\Password;
+use CoreLibs\Create\Session;
 
 class Login extends \CoreLibs\DB\IO
 {
@@ -184,12 +185,13 @@ class Login extends \CoreLibs\DB\IO
 		}
 
 		// initial the session if there is no session running already
-		// TODO: move that to outside
-		\CoreLibs\Create\Session::startSession();
-		// check if session exists
-		if (!session_id()) {
-			echo '<b>Session not started!</b><br>Use \'session_start();\'.<br>';
-			echo 'For less problems with other session, you can set a session name with \'session_name("name");\'.<br>';
+		// check if session exists and could be created
+		// TODO: move session creation and check to outside?
+		if (Session::startSession() === false) {
+			echo '<b>Session not started or could not be started!</b><br>'
+				. 'Use \'\CoreLibs\Create\Session::startSession();\'.<br>'
+				. 'For less problems with other session, you can set a '
+				. 'session name with \'\CoreLibs\Create\Session::startSession(\'name\');\'.<br>';
 			exit;
 		}
 
@@ -209,7 +211,7 @@ class Login extends \CoreLibs\DB\IO
 		$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
 		// set the default lang
 		$lang = 'en_utf8';
-		if (session_id() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
+		if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
 			$lang = $_SESSION['DEFAULT_LANG'];
 		} else {
 			$lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG;
@@ -408,11 +410,12 @@ class Login extends \CoreLibs\DB\IO
 				$this->login_error = 102;
 			} else {
 				// we have to get the themes in here too
-				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, "
+				$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
+					. "eu.edit_group_id, "
 					. "eg.name AS edit_group_name, admin, "
 					. "eu.login_error_count, eu.login_error_date_last, "
 					. "eu.login_error_date_first, eu.strict, eu.locked, "
-					. "debug, db_debug, "
+					. "eu.debug, eu.db_debug, "
 					. "eareu.level AS user_level, eareu.type AS user_type, "
 					. "eareg.level AS group_level, eareg.type AS group_type, "
 					. "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, "
@@ -477,8 +480,9 @@ class Login extends \CoreLibs\DB\IO
 						$this->loginCheckPermissions();
 						if ($this->login_error == 0) {
 							// now set all session vars and read page permissions
-							$GLOBALS['DEBUG_ALL'] = $_SESSION['DEBUG_ALL'] = $res['debug'];
-							$GLOBALS['DB_DEBUG'] = $_SESSION['DB_DEBUG'] = $res['db_debug'];
+							$_SESSION['DEBUG_ALL'] = $this->dbBoolean($res['debug']);
+							$_SESSION['DB_DEBUG'] = $this->dbBoolean($res['db_debug']);
+							// general info for user logged in
 							$_SESSION['USER_NAME'] = $res['username'];
 							$_SESSION['ADMIN'] = $res['admin'];
 							$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
@@ -687,14 +691,6 @@ class Login extends \CoreLibs\DB\IO
 				$this->permission_okay = false;
 				return $this->permission_okay;
 			}
-			// unset mem limit if debug is set to 1
-			// if (
-			// 	($GLOBALS["DEBUG_ALL"] || $GLOBALS["DB_DEBUG"] ||
-			// 	$_SESSION["DEBUG_ALL"] || $_SESSION["DB_DEBUG"]) &&
-			// 	ini_get('memory_limit') != -1
-			// ) {
-			// 	ini_set('memory_limit', '-1');
-			// }
 			if (isset($res['filename']) && $res['filename'] == $this->page_name) {
 				$this->permission_okay = true;
 			} else {
@@ -714,21 +710,39 @@ class Login extends \CoreLibs\DB\IO
 	{
 		if ($this->logout || $this->login_error) {
 			// unregister and destroy session vars
-			unset($_SESSION['EUID']);
-			unset($_SESSION['GROUP_ACL_LEVEL']);
-			unset($_SESSION['USER_ACL_LEVEL']);
-			unset($_SESSION['PAGES']);
-			unset($_SESSION['USER_NAME']);
-			unset($_SESSION['UNIT']);
-			unset($_SESSION['DEBUG_ALL']);
-			unset($_SESSION['DB_DEBUG']);
-			unset($GLOBALS['DEBUG_ALL']);
-			unset($GLOBALS['DB_DEBUG']);
-			unset($_SESSION['LANG']);
-			unset($_SESSION['DEFAULT_CHARSET']);
-			unset($_SESSION['DEFAULT_LANG']);
-			unset($_SESSION['GROUP_NAME']);
-			unset($_SESSION['HEADER_COLOR']);
+			foreach (
+				// TODO move this into some global array for easier update
+				[
+					'ADMIN',
+					'BASE_ACL_LEVEL',
+					'DB_DEBUG',
+					'DEBUG_ALL',
+					'DEFAULT_ACL_LIST',
+					'DEFAULT_CHARSET',
+					'DEFAULT_LANG',
+					'EAID',
+					'EUID',
+					'GROUP_ACL_LEVEL',
+					'GROUP_ACL_TYPE',
+					'GROUP_NAME',
+					'HEADER_COLOR',
+					'LANG',
+					'PAGES_ACL_LEVEL',
+					'PAGES',
+					'TEMPLATE',
+					'UNIT_ACL_LEVEL',
+					'UNIT_DEFAULT',
+					'UNIT',
+					'USER_ACL_LEVEL',
+					'USER_ACL_TYPE',
+					'USER_NAME',
+				] as $session_var
+			) {
+				unset($_SESSION[$session_var]);
+			}
+			// final unset all
+			session_unset();
+			// final destroy session
 			session_destroy();
 			// then prints the login screen again
 			$this->permission_okay = false;
@@ -1384,7 +1398,7 @@ EOM;
 				$q .= "NULL, ";
 			}
 		}
-		$q .= "'" . session_id() . "', ";
+		$q .= "'" . Session::getSessionId() . "', ";
 		$q .= "'" . $this->dbEscapeString($this->action) . "', ";
 		$q .= "'" . $this->dbEscapeString($this->username) . "', ";
 		$q .= "NULL, ";

www/lib/CoreLibs/Admin/Backend.php

@@ -252,7 +252,10 @@ class Backend extends \CoreLibs\DB\IO
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT'] ?? '') . "', "
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_CHARSET'] ?? '') . "', "
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_ENCODING'] ?? '') . "', "
-			. "'" . session_id() . "', "
+			. (\CoreLibs\Create\Session::getSessionId() === false ?
+				"NULL" :
+				"'" . \CoreLibs\Create\Session::getSessionId() . "'")
+			. ", "
 			. "'" . $this->dbEscapeString($this->action) . "', "
 			. "'" . $this->dbEscapeString($this->action_id) . "', "
 			. "'" . $this->dbEscapeString($this->action_yes) . "', "

www/lib/CoreLibs/Create/Session.php

@@ -1,10 +1,15 @@
 <?php
 
 /*
+ * AUTHOR: Clemens Schwaighofer
+ * DESCRIPTION:
  * start a php sesseion
  * name can be given via startSession parameter
  * if not set tries to read $SET_SESSION_NAME from global
  * if this is not set tries to read SET_SESSION_NAME constant
+ *
+ * TODO: add _SESSION write unset
+ * TODO: add session close down with all _SESSION vars unset
  */
 
 declare(strict_types=1);
@@ -28,10 +33,22 @@ class Session
 	 */
 	public static function startSession(?string $session_name = null)
 	{
+		// we can't start sessions on command line
+		if (php_sapi_name() === 'cli') {
+			return false;
+		}
+		// if session are OFF
+		if (self::getSessionStatus() === PHP_SESSION_DISABLED) {
+			return false;
+		}
+		// session_status
 		// initial the session if there is no session running already
-		if (!session_id()) {
+		if (!self::checkActiveSession()) {
+			// if session name is emtpy, check if there is a global set
+			// this is a deprecated fallback
 			$session_name = $session_name ?? $GLOBALS['SET_SESSION_NAME'] ?? '';
 			// check if we have an external session name given, else skip this step
+			// this is a deprecated fallback
 			if (
 				empty($session_name) &&
 				defined('SET_SESSION_NAME') &&
@@ -47,11 +64,15 @@ class Session
 			// start session
 			session_start();
 		}
+		// if we still have no active session
+		if (!self::checkActiveSession()) {
+			return false;
+		}
 		return self::getSessionId();
 	}
 
 	/**
-	 * Undocumented function
+	 * get current set session id or false if none started
 	 *
 	 * @return string|bool
 	 */
@@ -61,7 +82,7 @@ class Session
 	}
 
 	/**
-	 * Undocumented function
+	 * get set session name or false if none started
 	 *
 	 * @return string|bool
 	 */
@@ -69,6 +90,36 @@ class Session
 	{
 		return session_name();
 	}
+
+	/**
+	 * Checks if there is an active session.
+	 * Does not check if we can have a session
+	 *
+	 * @return boolean True if there is an active session, else false
+	 */
+	public static function checkActiveSession(): bool
+	{
+		if (self::getSessionStatus() === PHP_SESSION_ACTIVE) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * get session status
+	 * PHP_SESSION_DISABLED if sessions are disabled.
+	 * PHP_SESSION_NONE if sessions are enabled, but none exists.
+	 * PHP_SESSION_ACTIVE if sessions are enabled, and one exists.
+	 *
+	 * https://www.php.net/manual/en/function.session-status.php
+	 *
+	 * @return int
+	 */
+	public static function getSessionStatus(): int
+	{
+		return session_status();
+	}
 }
 
 // __END__

www/lib/CoreLibs/DB/IO.php

@@ -390,7 +390,14 @@ class IO
 		$this->db_type = $db_config['db_type'] ?? '';
 		$this->db_ssl = !empty($db_config['db_ssl']) ? $db_config['db_ssl'] : 'allow';
 		// set debug, either via global var, or from config, else set to false
-		$this->dbSetDebug($GLOBALS['DB_DEBUG'] ?? $db_config['db_debug'] ?? false);
+		$this->dbSetDebug(
+			$db_config['db_debug'] ??
+			// should be handled from outside
+			$_SESSION['DB_DEBUG'] ??
+			// globals should be deprecated
+			$GLOBALS['DB_DEBUG'] ??
+			false
+		);
 
 		// set the target encoding to the DEFAULT_ENCODING if it is one of them: EUC, Shift_JIS, UTF-8
 		// @ the moment set only from outside
@@ -2040,10 +2047,13 @@ class IO
 	}
 
 	/**
-	 * if the input is a single char 't' or 'f' it will return the boolean value instead
-	 * @param  string|bool  $string 't' / 'f' or any string, or bool true/false
-	 * @param  boolean      $rev    do reverse (bool to string)
-	 * @return bool|string          correct php boolean true/false or postgresql 't'/'f'
+	 * if the input is a single char 't' or 'f
+	 * it will return the boolean value instead
+	 * also converts smallint 1/0 to true false
+	 * @param  string|bool|int $string 't' / 'f' or any string, or bool true/false
+	 * @param  boolean         $rev    do reverse (bool to string)
+	 * @return bool|string             correct php boolean true/false
+	 *                                 or postgresql 't'/'f'
 	 */
 	public function dbBoolean($string, $rev = false)
 	{

www/lib/CoreLibs/Debug/Logging.php

@@ -177,9 +177,19 @@ class Logging
 		} elseif (!empty($GLOBALS['LOG_FILE_ID'])) {
 			// legacy flow, should be removed and only set via options
 			$this->setLogId($GLOBALS['LOG_FILE_ID']);
+			// TODO trigger deprecation error
+			// trigger_error(
+			// 	'Debug\Logging: Do not use globals LOG_FILE_ID to set log id for Logging',
+			// 	E_USER_DEPRECATED
+			// );
 		} elseif (defined('LOG_FILE_ID')) {
 			// legacy flow, should be removed and only set via options
 			$this->setLogId(LOG_FILE_ID);
+			// trigger deprecation error
+			// trigger_error(
+			// 	'Debug\Logging: Do not use constant LOG_FILE_ID to set log id for Logging',
+			// 	E_USER_DEPRECATED
+			// );
 		}
 
 		// init the log levels
@@ -214,37 +224,45 @@ class Logging
 					isset($GLOBALS[$up_type]) &&
 					is_array($GLOBALS[$up_type])
 				) {
+					// TODO trigger deprecation error
 					$this->setLogLevel($type, $flag, $GLOBALS[$up_type]);
 				}
 			}
 		}
 
+		// TODO remove all $GLOBALS call and only use options
 		// all overrule
 		$this->setLogLevelAll(
 			'debug',
 			$this->options['debug_all'] ??
+				// for user login, should be handled outside like globals
+				$_SESSION['DEBUG_ALL'] ??
 				$GLOBALS['DEBUG_ALL'] ??
 				false
 		);
+		$this->setLogLevelAll(
+			'print',
+			$this->options['print_all'] ??
+				// for user login, should be handled outside like globals
+				$_SESSION['DEBUG_ALL'] ??
+				$GLOBALS['PRINT_ALL'] ??
+				false
+		);
 		$this->setLogLevelAll(
 			'echo',
 			$this->options['echo_all'] ??
 				$GLOBALS['ECHO_ALL'] ??
 				false
 		);
-		$this->setLogLevelAll(
-			'print',
-			$this->options['print_all'] ??
-				$GLOBALS['PRINT_ALL'] ??
-				false
-		);
 
 		// GLOBAL rules for log writing
+		// add file date is default on
 		$this->setGetLogPrintFileDate(
 			$this->options['print_file_date'] ??
 				$GLOBALS['LOG_PRINT_FILE_DATE'] ??
 				true
 		);
+		// all other logging file name flags are off
 		$this->setLogPer(
 			'level',
 			$this->options['per_level'] ??